Privilege Escalation Detecting in Android Applications

Cited by: 3
Authors
Zhong, Xingqiu [1]
Zeng, Fanping [1, 2]
Cheng, Zhichao [1]
Xie, Niannian [1]
Qin, Xiaoxia [1]
Guo, Shuli [1]
Affiliations
[1] Univ Sci & Technol China, Sch Comp Sci & Technol, Hefei, Anhui, Peoples R China
[2] Anhui Prov Key Lab Software Comp & Commun, Hefei, Anhui, Peoples R China
Source
2017 3RD INTERNATIONAL CONFERENCE ON BIG DATA COMPUTING AND COMMUNICATIONS (BIGCOM) | 2017
Keywords
Android Applications; Privilege Escalation; Control Flow Analysis;
DOI
10.1109/BIGCOM.2017.21
Chinese Library Classification number
TP [Automation Technology, Computer Technology];
Discipline classification code
0812;
Abstract
Android is the most popular mobile operating system, and a large number of applications have been developed for it. For security reasons, developers are forced to declare the relevant permissions in the manifest file when they need to use sensitive APIs. With the inter-component communication (ICC) ability provided by Android, malicious applications can indirectly call sensitive APIs through components exposed by other applications, leading to privilege escalation. To address this problem, we propose a method to detect this kind of privilege escalation between two applications. First, we compare the permission sets of both applications. Then, if necessary, we identify call links between the two applications and perform inter-application control flow analysis. Finally, according to the result of the control flow analysis, we judge whether privilege escalation exists. As the experimental results show, our method can accurately detect privilege escalation between two applications.
Pages: 39 - 44
Page count: 6